Software Supply Chain Security

December 1, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here are ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment.
December 1, 2022

The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer

This week: Another open-source platform is being used by cybercriminals. Also: the Black Basta ransomware gang takes credit for the attack on Maple Leaf Foods.
December 1, 2022

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

One year ago, a vulnerability in Apache’s Log4j turned the security world on its ear. What has changed since then? Here are the key takeaways from Log4Shell's legacy.
November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
November 17, 2022

The Week in Security: Disguised Russian software used in U.S. Army, CDC applications

This week: software security and international relations collide as one tech company falsely brands itself as a U.S. software supplier. Also: a Canadian supermarket chain has been hit with a ransomware attack.
November 10, 2022

The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media

This week: Former Uber CSO is convicted for his attempted cover-up of a 2016 hack of the company. Also: A software supply chain attack has pushed out malware to at least 250 media sites.
November 8, 2022

Forrester Security & Risk talk: Go beyond the SBOM for software supply chain security

At the Forrester Security & Risk Forum, ReversingLabs Field CISO Matt Rose presents about what information an SBOM provides — and how it can be put to good use.
November 7, 2022

SBOMs in the SaaS era: 5 reasons why you should consider a SaaSBOM

Here's why your organization should consider a SaaSBOM, as well as the essential challenges facing its implementation.